Hi,
I ran the latest UCS package updates on my Domain Controllers to bring them up to 4.3-3 errata428. The Backup completed successfully; however, the Master failed due to a backup schema file causing a duplicate object.
I restored the backup VM of my Master, fixed the schema issue and have since successfully run the update. However, I now have the following error when running the System Diagnostic on the Master DC (DC1):
Warning: Check Samba replication status for errors
‘samba-tool drs showrepl’ returned a problem with the replication.
Inbound ‘DC=ForestDnsZones,DC=local,DC=domain,DC=co,DC=uk’: error during DRS replication from Default-First-Site-Name/DC2 (WERR_GEN_FAILURE)
Inbound ‘DC=DomainDnsZones,DC=local,DC=domain,DC=co,DC=uk’: error during DRS replication from Default-First-Site-Name/DC2 (WERR_GEN_FAILURE)
Inbound ‘CN=Schema,CN=Configuration,DC=local,DC=domain,DC=co,DC=uk’: error during DRS replication from Default-First-Site-Name/DC2 (WERR_GEN_FAILURE)
Inbound ‘DC=local,DC=domain,DC=co,DC=uk’: error during DRS replication from Default-First-Site-Name/DC2 (WERR_GEN_FAILURE)
Inbound ‘CN=Configuration,DC=local,DC=domain,DC=co,DC=uk’: error during DRS replication from Default-First-Site-Name/DC2 (WERR_GEN_FAILURE)
Outbound ‘DC=ForestDnsZones,DC=local,DC=domain,DC=co,DC=uk’: error during DRS replication to Default-First-Site-Name/DC2 (WERR_GEN_FAILURE)
Outbound ‘DC=DomainDnsZones,DC=local,DC=domain,DC=co,DC=uk’: error during DRS replication to Default-First-Site-Name/DC2 (WERR_GEN_FAILURE)
Outbound ‘CN=Schema,CN=Configuration,DC=local,DC=domain,DC=co,DC=uk’: error during DRS replication to Default-First-Site-Name/DC2 (WERR_GEN_FAILURE)
Outbound ‘DC=local,DC=domain,DC=co,DC=uk’: error during DRS replication to Default-First-Site-Name/DC2 (WERR_GEN_FAILURE)
Outbound ‘CN=Configuration,DC=local,DC=domain,DC=co,DC=uk’: error during DRS replication to Default-First-Site-Name/DC2 (WERR_GEN_FAILURE)
If I run ‘samba-tool drs showrepl’ on the backup (DC2), it tells me replication from all inbound neighbours was successful, but running on DC1 gives the same output as the System Diagnostics (WERR_GEN_FAILURE).
The samba log file for DC1 gives the following:
[2019/02/18 13:51:00.815410, 0, pid=28014] …/source4/librpc/rpc/dcerpc_util.c:737(dcerpc_pipe_auth_recv)
_ Failed to bind to uuid e3514235-4b06-11d1-ab04-00c04fc2dcd2 for ncacn_ip_tcp:10.0.1.11[49152,seal,krb5,target_hostname=5f6084b5-a188-446b-ae59-f94d5f171462.msdcs.local.domain.co.uk,target_principal=GC/dc2.local.domain.co.uk/local.domain.co.uk,abstract_syntax=e3514235-4b06-11d1-ab04-00c04fc2dcd2/0x00000004,localaddress=10.0.1.10] NT_STATUS_UNSUCCESSFUL
The samba log from DC2 gives the following:
[2019/02/18 13:53:56.078536, 1, pid=1810] …/source4/auth/gensec/gensec_gssapi.c:790(gensec_gssapi_update_internal)
GSS server Update(krb5)(1) Update failed: Miscellaneous failure (see text): Failed to find DC2$@LOCAL.DOMAIN.CO.UK(kvno 11) in keytab FILE:/etc/krb5.keytab (aes256-cts-hmac-sha1-96)
I have followed the Samba 4 Troubleshooting guide found at this link: Samba 4 Troubleshooting with the following results:
samba-tool drs kcc: ok on both DCs
univention-s4search cn=DC1 msDS-KeyVersionNumber: values equal
samba-tool dbcheck --cross-ncs --fix --yes : fixed several references
Attempted removal and rejoin of DC2, no change, same issue.
I’m now out of ideas. Help!
Thanks in advance
Chris
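
The two kinds of log lines quoted in the post can be reduced to their key fields with a short script; this is an added example, not part of the original post or of UCS/Samba. The function names are hypothetical and the `KEYTAB` listing is constructed sample data (principal, kvno, enctype), standing in for whatever the real keytab contains.

```python
import re
from collections import defaultdict

# Two diagnostic lines and the GSS line copied from the post (forum curly quotes kept).
DIAG = [
    "Inbound ‘DC=local,DC=domain,DC=co,DC=uk’: error during DRS replication from Default-First-Site-Name/DC2 (WERR_GEN_FAILURE)",
    "Outbound ‘CN=Configuration,DC=local,DC=domain,DC=co,DC=uk’: error during DRS replication to Default-First-Site-Name/DC2 (WERR_GEN_FAILURE)",
]
GSS = ("GSS server Update(krb5)(1) Update failed: Miscellaneous failure (see text): Failed to find "
       "DC2$@LOCAL.DOMAIN.CO.UK(kvno 11) in keytab FILE:/etc/krb5.keytab (aes256-cts-hmac-sha1-96)")
# Constructed keytab listing (principal, kvno, enctype); NOT taken from the post.
KEYTAB = [("DC2$@LOCAL.DOMAIN.CO.UK", 10, "aes256-cts-hmac-sha1-96"),
          ("DC2$@LOCAL.DOMAIN.CO.UK", 10, "arcfour-hmac-md5")]

DIAG_RE = re.compile(r"^(Inbound|Outbound) [‘'](?P<nc>[^’']+)[’']: error during DRS "
                     r"replication (?:from|to) [^/]+/(?P<dc>\S+) \((?P<err>\w+)\)$")
GSS_RE = re.compile(r"Failed to find (?P<princ>\S+?)\(kvno (?P<kvno>\d+)\) in keytab "
                    r"(?P<keytab>\S+) \((?P<etype>[^)]+)\)")

def summarize_replication(lines):
    """Group failing naming contexts by (partner DC, direction, error code)."""
    out = defaultdict(list)
    for line in lines:
        m = DIAG_RE.match(line.strip())
        if m:
            out[(m["dc"], m[1], m["err"])].append(m["nc"])
    return dict(out)

def parse_keytab_miss(line):
    """Extract principal, kvno, keytab and enctype from a gensec_gssapi keytab miss."""
    m = GSS_RE.search(line)
    if not m:
        return None
    return {"principal": m["princ"], "kvno": int(m["kvno"]),
            "keytab": m["keytab"], "enctype": m["etype"]}

def explain_miss(miss, entries):
    """Compare the requested key with keytab entries; return (verdict, kvnos present)."""
    same = [(k, e) for p, k, e in entries if p == miss["principal"]]
    if not same:
        return ("principal_absent", [])
    kvnos = sorted({k for k, _ in same})
    if (miss["kvno"], miss["enctype"]) in same:
        return ("key_present", kvnos)
    verdict = "enctype_missing" if miss["kvno"] in kvnos else "kvno_mismatch"
    return (verdict, kvnos)

if __name__ == "__main__":
    print(summarize_replication(DIAG))
    print(explain_miss(parse_keytab_miss(GSS), KEYTAB))
```
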